REMARKS / ARGUMENTS

A. Generally

Claims 1-44 remain in this Application. Claims 1 and 25 have been amended to correct 
informalities in the claim language. New claims 26-44 have been added to recite additional
limitations. No new matter has been added. 

B. Claim Rejections 35 U.S.C. § 102

Claims 1-2, 4-5, 12-15, 17, 20, and 23-25 have been rejected under 35 U.S.C. § 102(e) as 
having been anticipated by U.S. Patent 6,324,648 issued to Grantges, Jr. (herein, "Grantges"). 

"A claim is anticipated only if each and every element as set forth in the claim is found, 
either expressly or inherently described, in a single prior art reference." Verdegaal Bros. v. 
Union Oil Co. of California, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). 

Claim 1 (as amended) of the present application recites the following limitations: 

1. A software system for enabling remote data access to and task execution on a data
processing system through a proxy server comprising: 

an instance of the software residing on the data processing system for receiving 
and analyzing requests and performing according to a request directive; and 

an instance of the software residing on the proxy server for identifying and 
authenticating a user and for redirecting requests to the data processing system; 

characterized in that a user connects to a network accessible to the data processing 
system and initiates a request for services, wherein the request is, after 
authentication of the user, redirected from the proxy server to the data processing 
system for task execution and possible return of results according to the contents 
of the request. 

The examiner determined that Grantges taught or disclosed each of the limitations of 
claim 1. Applicant respectfully disagrees for the reasons that follow. 

The present application and its claims are directed to providing proxy services to entities 
that are different in scope and structure to those described in Grantges. The differences between 
the system of Grantges and the system of claim 1 of the present invention can be clearly seen by 
comparing Figure 1 of Grantges and Figure 1 of the present application. This difference gives 
rise to different functionality that cannot be provided by Grantges. 

Grantges is directed to providing authenticated access for a client computer over an 
insecure, public network to one of a plurality of destination servers on a private, secure network.
The elements of the Grantges system are described as either residing on a public (insecure) side
of a firewall or a private (secure) side of the firewall. On the public side of the firewall,
Grantges illustrates a web browser 22, an insecure network 26, and a DMZ server comprising a
proxy server 34. According to Grantges, proxy server 34 "is provided principally for mapping
purposes" (Grantges, Col. 6, lines 1-2) and is "configured to perform a first level authentication
of the user of client computer 22" (Grantges, Col. 6, lines 12-13).

Proxy server 34 communicates via firewall 32 to application gateway 38: 

Gateway proxy server 40 further performs well-known mapping functions, and, in 
accordance with the present invention, efficiently routes messages destined for various 
applications 24.sub.1, 24.sub.2, . . . , 24.sub.3 to the appropriate one of the destination
servers 28.sub.1, 28.sub.2, . . . , 28.sub.3. Gateway proxy server 40 may comprise
conventional apparatus known to those of ordinary skill in the art, such as, for example, 
Netscape proxy server software running on conventional hardware. Grantges (Col. 6, 


Thus, Grantges teaches using two proxy servers between a user and the network device 
the user seeks to access. 

The DMZ proxy server 34 on the public side of firewall 32 does not "know" the URL of 
destination computers 28. This information resides on the private side of firewall 32 in gateway 
proxy server 40. To support this scheme requires a significant investment in hardware that the 
present invention seeks to avoid. 

Referring to Figure 1 of the present application, there is no proxy server on the private 
side of firewall router 109. Rather, an instance of a software system resides in the data 
processing system (116) to provide communication with proxy server 104. This instance of the 
software system is not described by Grantges because it is not contemplated by Grantges. 

Claim 1 of the present application is directed to a software system for enabling remote
access to data on a data processing system. Claim 1 recites the limitation, "an instance of the
software residing on the data processing system for receiving and analyzing requests and
performing according to request directive." The examiner found that Grantges taught this
limitation based on the following disclosure:

According to the present invention, the proxy server is further configured to pass a 
message from the client computer to the destination server via the gateway when the 
authentication cookie is valid. (Grantges, Col. 3, lines 26-30.) 

The excerpt, when considered in context of the whole Grantges disclosure, does not teach
or describe an instance of the software running on a data processing system, and does not teach
or describe an instance of software on a data processing system that validates requests and
provides responses to requests. As recited in the limitation, an instance of the software system 
resides on the data processing system (the destination server in Grantges' terminology). Unlike 
the destination servers described by Grantges, the data processing servers of the present 
application perform the functions of analyzing and responding to requests for information from a 
user. As taught by the present application, placing this instance of the software system at the 
data processing system obviates the need for the application server of Grantges. 

Claim 1 further recites the limitation, "an instance of the software residing on the proxy 
server for identifying and authenticating a user and redirecting requests to the data processing 
system." The examiner cited text at column 3, lines 2-25 of Grantges as disclosing this 


In addition, the architecture of a computer system according to the invention 
maintains sensitive authentication data on an authorization server, which is on the 
secure, private network side of the firewall, reducing the likelihood of a 
successful "hacker" intrusion. 

A computer system is provided according to the present invention that allows 
access from a client computer over an insecure private network. The computer
system includes a firewall system, a proxy server, an authorization server, a web 
server and a gateway. The firewall system is disposed between the insecure public 
network (e.g., the Internet) and the secure, private network. The proxy server and 
the web server are on the insecure network side of the firewall system and the 
gateway and the authorization server are on the private, secure network side of the 
firewall system. 

The authentication server is configured to authenticate the user of the client 
computer based on a user identification (ID) and password from the user of the 
client computer. The web server is configured to pass the user ID and password 
through the firewall to the authorization server. The web server is further 
configured to build an authentication cookie having a valid condition when the 
authorization server authenticates the user of the client computer based on the 
user ID and password. 

However, the proxy server referred to in the reference text of Grantges is the DMZ proxy 
server 34. DMZ proxy server 34 does not redirect requests to the data processing system (or 
destination computers) because it cannot. According to the description of this server, DMZ 
proxy server 34 does not know the URL of the destination servers and cannot, therefore, redirect
a request to them (see, Col. 8, lines 23-28). The redirection is performed by computer system 20
(see, Col. 4, lines 61-64). Additionally, the cited text does not describe the authentication of a
user by the DMZ proxy server. Rather, the text refers to an authorization server as performing
this function. The authorization server resides on the private side of the firewall and is not a part
of DMZ proxy server 34.

Claim 1 further recites the limitation, "characterized in that a user connects to a network
accessible to the data processing system and initiates a request for services, wherein the request
is after authentication of the user, redirected from the proxy server to the data processing system
for task execution and possible return of results according to the contents of the request." The
examiner cited Col. 4, lines 23-65 of Grantges as disclosing this limitation:

Computer system 20 overcomes many of the shortcomings of prior gateway 
systems by providing a platform independent implementation via the use of commercial- 
of-the-shelf (COTS) components, as well as enhanced throughput via the use of SSL- 
based hypertext transfer protocol (HTTPS) for secure and fast messaging across the 
firewall. In addition, sensitive data is maintained on the secure, private network side of 
the firewall 32, not on the insecure, public network side of firewall, reducing the 
opportunity for hackers to breach security. 

Before proceeding to a detailed description of computer system 20, a general 
overview of the operation established by the invention will be set forth, as viewed by user 
18 of client computer 22. Initially, user 18 of client computer 22 enters the destination 
URL into a web browser portion of client computer 22. The web browser then issues an 
HTTP request across insecure network 26, which is routed to proxy server 34. The user 
18 may then be presented with a "popup" message that a secure network connection is 
about to be established. The message may also ask which X.509 digital certificate user 18 
wishes to use for authentication. The user-selected X.509 digital certificate is then sent to 
proxy server 34. At this point, a first level authentication is conducted, outside the 
firewall, by proxy server 34 (e.g., checks to see whether the X.509 certificate has been 
issued by a predetermined preapproved certificate authority). If authenticated at this 
level, proxy server 34 then sends the information contained in the client's digital 
certificate through firewall system 32 to gateway 38 to be authenticated at a second, more 
substantive level. The second level authentication involves examining the particulars of 
the X.509 digital certificate using the data stored on authorization server 46. If user 18 is
authorized to access multiple applications, the next item after the "popup" message to be 
displayed to user 18 is an "options page", presenting the multiple choices. Once a 
particular application is selected, the next item to be displayed for user 18 is a welcome 
page of the selected application. Secure, authenticated remote access is complete. In 
accordance with the present invention, computer system 20 provides an efficient 
mechanism for routing the remote user 18 of client computer 22 to the selected 
application being served by one of the destination servers.

The cited text describes both elements that are on the public side of firewall 32 and 
elements on the private side of firewall 32. To the extent that the text is describing the operation 
of DMZ proxy server 34, it does not teach or describe redirecting a request from the proxy server 
to the data processing system for the reasons previously stated. 

For all of the foregoing reasons, Applicant submits that Grantges does not recite all of 
the limitations of claim 1 and does not anticipate claim 1. Claims 2, 4-5, and 12-13 depend,
either directly or indirectly, from claim 1 and recite all of the limitations of claim 1. For the reasons
previously stated with respect to claim 1, Grantges does not anticipate claims 2, 4-5, and 12-13. 

Claim 14 is directed to a software proxy agent residing in a data processing system. As 
previously noted, Grantges does not teach or describe a proxy agent residing at the data processing
system. For this reason, Grantges does not anticipate claim 14. Claims 15-19 depend from 
claim 14 and therefore recite all of the limitations of claim 1. For the reasons previously stated 
with respect to claim 14, claims 15-19 are not anticipated by Grantges. 

Claim 20 recites a method for remote control of a data processing system over a network 
by proxy. Claim 20 recites the limitation, "forwarding the request from the proxy server to a 
proxy agent at the data system." As previously shown, Grantges does not disclose or teach a 
data system comprising a proxy agent or a proxy server that forwards a request from the proxy 
server to the proxy agent. For this reason, claim 20 is not anticipated by Grantges. Claims 23-25 
depend from claim 20 and therefore recite all of the limitations of claim 20. For the reasons 
previously stated with respect to claim 20, claims 23-25 are not anticipated by Grantges. 

C. Claim Rejections Under 35 U.S.C. § 103

Claims 3, 6-8, 16, and 18-19 have been rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Grantges in view of U.S. Patent Publication 2002/0118671 filed by Staples
(herein, "Staples"). Claims 3 and 6-8 depend from claim 1 and therefore recite all of the
limitations of claim 1. Claim 1 has been shown to recite limitations not taught or disclosed by
Grantges. The combination of Grantges and Staples cannot cure the deficiencies of Grantges. 
Applicant respectfully submits that claims 3 and 6-8 are patentable over Grantges and Staples. 

Claims 16 and 18-19 depend from claim 14 and therefore recite all of the limitations of 
claim 14. Claim 14 has been shown to recite limitations not taught or disclosed by Grantges. 
The combination of Grantges and Staples cannot cure the deficiencies of Grantges. Applicant
respectfully submits that claims 16 and 18-19 are patentable over Grantges and Staples. 

Claims 9-11, and 21-22 have been rejected under 35 U.S.C. § 103(a) as being
unpatentable over Grantges in view of U.S. Patent Publication 2004/0019638 filed by Makagon
(herein, "Makagon"). Claims 9-11 depend directly or indirectly from claim 1 and therefore
recite all of the limitations of claim 1. Claim 1 has been shown to recite limitations not taught or
disclosed by Grantges. The combination of Grantges and Makagon cannot cure the deficiencies
of Grantges. Applicant respectfully submits that claims 9-11 are patentable over Grantges and
Makagon. 

Claims 21-22 depend from claim 20 and therefore recite all of the limitations of claim 20. 
Claim 20 has been shown to recite limitations not taught or disclosed by Grantges. The 
combination of Grantges and Makagon cannot cure the deficiencies of Grantges. Applicant 
respectfully submits that claims 21-22 are patentable over Grantges and Makagon. 

D. New Claims

New claim 26 recites the limitations of claim 1 and the additional limitation that the 
instance of software residing on the proxy server is adapted for: "identifying and authenticating a 
data processing system and for permitting communication between the proxy server and the data 
processing system." This limitation is not taught or disclosed by Grantges. For this reason and 
for the reasons previously stated with respect to claim 1, Applicant submits that new claim 26 is 
not anticipated by Grantges. New claims 27-38 depend from claim 26 and recite all of the 
limitations of the base claim. Applicant respectfully submits that claims 27-38 are also 
allowable over the cited prior art. 

New claim 39 recites the limitations of claim 20 and the additional step of: "identifying 
and authenticating a data processing system at a proxy server." This step is not taught or 
disclosed by Grantges. For this reason and for the reasons previously stated with respect to 
claim 20, Applicant submits that new claim 39 is not anticipated by Grantges. New claims 40-44 
depend from claim 39 and recite all of the limitations of the base claim. Applicant respectfully 
submits that claims 40-44 are also allowable over the cited prior art. 

C. Conclusion

Applicant respectfully requests reconsideration of the current rejection of the claims now 
pending in this application in view of the above amendments, remarks and arguments. Should 
any further questions arise concerning this application or in the event the above amendments do 
not place the application in condition for allowance, applicant respectfully requests a telephone 
interview. Attorney for the applicant may be reached at the number listed below. 


Respectfully Submitted, 



Jon L. Roberts, Esq.
Registration No. 31,293

Elliott D. Light, Esq.
Registration No. 51,948

Roberts Abokhair & Mardula, LLC
11800 Sunrise Valley Drive, Suite 1000
Reston, VA 20191